General

  • Target

    NOTIFICACION DEMANDA PERSONAL.exe

  • Size

    489KB

  • Sample

    230530-x53xeabd37

  • MD5

    35e7110e47ba3d42bf5b71937e02ce8b

  • SHA1

    7194f08ad122d5e2e1d7b432522d6e9fc2565d7b

  • SHA256

    792f7b6362d213e5976d71aea0f36488aae184b30e021210e847d1450546c39d

  • SHA512

    70020e4680f74fd17705b14b0cc11541c773844952ee211eda82291b49b07c94acae9a7aa406c0f6e41fbad4a54d7ff10432b0acb0b2bbf5bc66201b8c6aec43

  • SSDEEP

    12288:qimcuTGiqcyQoiAsxhfi+/wHKK8zsK/nn6F2oG:qimcUGiqcyuAoh6jHKRzsKvQ23

Score
10/10

Malware Config

  • Extracted

    Family: raccoon

    rc4.plain

Targets

    • Target

      NOTIFICACION DEMANDA PERSONAL.exe

    Score
    10/10
    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Install Root Certificate (1) T1130

    Modify Registry (1) T1112

  • Discovery

    System Information Discovery (1) T1082

  • Command and Control

    Web Service (1) T1102

Tasks